Back to Tools

WHM Exposure Checker

Enter a domain hosted on a cPanel server and check direct WHM access on port 2087 and the whm service subdomain over HTTPS port 443.

How it works: Enter a customer domain hosted on the cPanel server you want to test. Do not enter the server hostname or IP address. The checker tests direct WHM access on https://domain:2087/ and the service subdomain https://whm.domain/ over HTTPS port 443. TLS certificate validity is intentionally not evaluated.
Only test systems you own or are authorized to assess. No credentials are submitted. No login attempt is performed.
Enter a domain hosted on the cPanel server. The tool will check https://domain:2087/ and https://whm.domain/.
Anonymous limit: 50 hosted domains. Authenticated limit: 200 hosted domains.
0%

What WHM exposure means

WHM is the WebHost Manager interface used with cPanel servers. This checker takes a customer domain hosted on a cPanel server and makes external HTTP observations to determine whether the WHM login interface is reachable.

Direct WHM on port 2087

The checker tests https://domain:2087/. If this path returns WHM-specific evidence, the tool reports direct WHM access.

Service subdomain on port 443

cPanel creates service subdomains such as whm.domain. Even when direct port 2087 is blocked, WHM can remain reachable through https://whm.domain/ over standard HTTPS port 443.

Result interpretation

The result cards show every diagnostic detail: requested URLs, DNS resolution, resolved IP addresses, connection status, HTTP response, server headers, final URLs and ports, redirect chains, WHM detection evidence, and response times. Timeout and connection-refused results are reported factually — the tool does not claim that a port is blocked when only a timeout was observed.

Limitations

Results depend on DNS answers and the OpsCheck server network path. Firewalls and allowlists can return different results from other source networks. The tool does not test credentials, perform authentication, or exploit WHM. TLS certificate validity is intentionally ignored.

No. It reports externally observable WHM reachability. Vulnerability status depends on patch level, authentication, firewall policy, and configuration.

A timeout only means the request did not receive a response within the allowed time. This could be caused by a firewall, but also by network congestion, a dropped packet, server load, or a rate limiter. The tool reports what was observed — "timed out" — rather than inferring the cause.

Each card shows: requested URL, DNS status, resolved IP addresses, connection result, HTTP status and reason, server header, initial and final URL, initial and final port, redirect count and chain, response time, WHM classification, every detection signal found, and any error code.

"WHM confirmed" requires multiple independent signals or one signal on the standard WHM port. "Probable WHM" means one signal was detected but not enough for full confirmation. The evidence section always shows exactly which signals were found.